Create codeql.yml #212
Create codeql.yml #212
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds CodeQL static analysis to the repository by introducing a GitHub Actions workflow that will automatically scan the codebase for security vulnerabilities and code quality issues.
Key Changes:
- Configured CodeQL scanning for
actionsandjavascript-typescriptlanguages - Set up automated analysis triggers on push to main, pull requests, and weekly schedule (Mondays at 15:40 UTC)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
@copilot codeql result is empty. make sure you run build before analysis. analyse only esm build, ignore anyrhing else. |
Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Configure CodeQL to build and analyze ESM bundle only
|
@copilot fix the error and run prettier to fix format pipeline check Error: Encountered a fatal error while running "/opt/hostedtoolcache/CodeQL/2.23.6/x64/codeql/codeql database init --force-overwrite --db-cluster /home/runner/work/_temp/codeql_databases --source-root=/home/runner/work/Webchat/Webchat --calculate-language-specific-baseline --extractor-include-aliases --sublanguage-file-coverage --language=javascript --codescanning-config=/home/runner/work/_temp/user-config.yaml --build-mode=manual". Exit code was 2 and error was: A fatal error occurred: JavaScript/TypeScript does not support the manual build mode. Please try using one of the following build modes instead: none. See the logs for more details. |
Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Fix CodeQL workflow build-mode error and formatting
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.github/workflows/codeql.yml
Outdated
| languages: ${{ matrix.language }} | ||
| build-mode: ${{ matrix.build-mode }} | ||
| # Use config file only for JavaScript/TypeScript to limit analysis to ESM build | ||
| config-file: ${{ matrix.language == 'javascript-typescript' && '.github/codeql-config.yml' || '' }} |
There was a problem hiding this comment.
Setting an empty string ('') as the config-file fallback may cause issues. It's better to omit the config-file parameter entirely when not needed for non-JavaScript/TypeScript languages. Consider using conditional step inclusion or restructuring to only set config-file when it has a valid value.
|
@copilot remove language actions from graphql config, replace javascript with typescript in that config |
Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Configure CodeQL to analyze TypeScript only, remove Actions scanning
New GitHub Actions workflow for CodeQL analysis:
.github/workflows/codeql.ymlto automate CodeQL scanning foractionsandjavascript-typescriptlanguages, triggered by pushes, pull requests, and a weekly schedule.